Pages

Tuesday, February 5, 2013

ModSecurity Log Auditing System in PHP (MSLA Project)

Light MSLA is a "Light Mod Security Log Auditing" tools that i wrote in PHP , it will import the log of Mod Security to a MySQL database and then using Google API's draw charts from the log file.
This project was part of Mod_Security Projectthat i did before.
The heart of this script is the "patterns.php" that include few regular expressions command , it will find parts that we need inside the log file and extract them.

You can download the Project from this link : DOWNLOAD (Inside the Google Drive Press Ctrl+S to download)

SETUP:

Copy all the files inside the zip package into your server path.

Create a database and import the "modsec_db.sql" file into your database.

open config.php in a text editor and change the Database name,username,password,host and the Mod_security log path.

run the Parser.php from your browser ( it might take some times it depends on how big is your log file)

after the parser.php fully loaded and page become Done , open the index.php

input the username and password as following for going into the dashboard.username:root25.compassword:ssap25

For drawing the graphs it need some times.

""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
IMPORTANT: This script need internet access for drawing the charts because i use Google API's for the charts.
""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
As i mentioned before this was a student project , so you can change any parts based on your own need.
the hardest part and heart of this script are the patterns inside the "patterns.php" that will help to
find and extract specific parts from the log.
"useragent.php" will extract the details of os and browser from the user-agent information in the log.